httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] Proper config for suexec and maintain chroot'ed FTP?
Date Wed, 09 Nov 2005 18:31:48 GMT
On 11/9/05, John Goggan <> wrote:

> However, suexec still checks that the file is owned by the user trying to run
> it, correct?  Therefore, is doing a document root of /home (or even / and
> ignoring the doc root check for that matter) that insecure/dangerous if it
> only allows people to run things that they already own?

If the only thing under /home are files normally seen from the web,
then it isn't a big deal.  But if there are other executables under
there, then you open up a signficant danger if anyone ever compromises
the userid under which you run apache.  It doesn't instantly make your
system vulnerable -- it just removes one layer of protection.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message